Items tagged with Java

If you don't pay close attention, you may end up switching your default search engine without realizing it. That's the whole idea, really. During Yahoo's annual shareholder meeting on Wednesday, company boss Marissa Mayer talked about how search was in Yahoo's DNA and always will be. More importantly, she announced a three-year partnership with Oracle aimed at getting more users to try Yahoo's search engine. As part of the partnership, Yahoo will be the default search provider for Oracle's Java software. What this means is when you install or update Java, the software will ask permission to change...

Oracle sued Google over its use of Java to build the Android operating system a few years ago, but Google won the case. However, an appeals court has overturned that ruling, finding that “the declaring code and the structure, sequence, and organization of the API packages are entitled to copyright protection”. This ruling is a big deal because it could severely limit what software makers can safely do without getting sued and could hamper innovation. Google is of course displeased with the ruling, but others in the industry are none too happy either...

As if Yahoo needed more bad press after the slow-boil frustration that is the new Yahoo Mail, at least one security firm found that the company’s homepage served up malicious ads to potentially millions of users, with likely thousands infected. Security firm Fox IT, which operates Security Operations Center service ProtACT, reported that for a period starting on December 30th (possibly earlier) and stretching to around January 3rd (when the malicious traffic started to die off), visitors to Yahoo.com were served malicious ads that redirected them to domains that pointed to a single IP address...

Massive Open Online Courses, better known as MOOCs, are getting some traction in the education community - and we’re not just saying that because Oxford Dictionaries online added the term last week. The challenge to creating true MOOCs has been in the Open part of Massive Open Online Course: making all aspects of the course freely available to students. Rupert Murdoch’s new Amplify MOOC is launching this year, providing schools and students with a credible AP computer science MOOC. The AP CS MOOC is a two-semester course in which your assignments are graded individually and you...

You have to give a little credit to Google; just a couple of days after Bitcoin announced that it found vulnerabilities with Android wallets, the Android dev team figured out the root cause of the problem and issued patches to developers. (Google credited Soo Hyeon Kim and Daewan Han of ETRI and Dong Hoon Lee of Korea University for the heads-up.) “We have now determined that applications which use the Java Cryptography Architecture (JCA) for key generation, signing, or random number generation may not receive cryptographically strong values on Android devices due to improper initialization...

Do you use Java? If so, be aware that Oracle just released its "June 2013 Critical Update for Java SE," a collection of code that provides 40 new security fixes. All but three of them are security holes that can be exploited from a remote location without any kind of authentication. Four of the vulnerabilities affect client and server deployments, while 34 only affect client deployments, Oracle said, adding that Java users should waste no time applying the update. "Oracle recommends that this Critical Patch Update be applied as soon as possible because it includes fixes for a number of severe vulnerabilities,"...

Another day, another issue with Java. In a world that is becoming increasingly fraught with privacy invasions and security breaches, Java has been a term that's been popping up in negative fashion of late. Now, Apple has shot out a new batch of security patches for OS X, one of which covers up a flaw that "allowed Java Web Start applications to run even when users had Java disabled in the browser." OS X 10.8.3 fixed a total of 21 issues in terms of security, and it also throws in a fresh edition of the malware removal tool for Apple rigs. In an Apple advisory: "Visiting a maliciously crafted website...

You've got to love hacker conferences. Software vulnerabilities are never going away, that much is obvious, but it's with competitions at hacker conferences where we can really see just how vulnerable the software we use every single day is. Putting this into perspective, prior to the Pwn2Own conference in Canada, Google patched up ten bugs in Chrome - six of which were considered severe. Despite that, Chrome was hit with a zero-day during the conference that granted code execution in the browser's sandbox renderer process. Chrome is hardly the only guilty party, however. Equally severe...

Is there a world record for number of software vulnerabilities exposed within the span of a single month? If so, I'm willing to bet that Oracle's Java is the clear winner. We've reported on many Java happenings over the past couple of months, and it doesn't look like the fun is going to end anytime soon. Security firm FireEye is responsible for the latest finding, noting that this zero-day exploit has been successfully executed using Java 1.6 update 41 and the most recent 1.7 update 15. It takes advantage of a vulnerability that might allow someone to overwrite bits of data Java has stored in the...

Microsoft has just joined the small list of companies that have experienced a cyberattack this past month, made all the more interesting due to the fact that it's the same one that Apple and Facebook suffered. Compared to Facebook's informative post, Microsoft's could be considered minimal, with the bulk of what's important seen below: "Consistent with our security response practices, we chose not to make a statement during the initial information gathering process. During our investigation, we found a small number of computers, including some in our Mac business unit, that were infected by...

If our not-too-subtle hint a couple of weeks ago about the perils of having Java installed wasn't enough to convince you to uninstall, you should waste no time in heading on over to the official site and grabbing the latest version (7u13). When it comes to Java, the Swiss cheese of the software world, it's important to snag updates whenever they're rolled out - but this one is in a league of its own. Oracle managed to pack 50 fixes with this single update - the largest bulk of fixes ever seen in the software's history. For those interested in getting into the nitty gritty of what's been patched...

When Oracle released its Java Update 11 earlier this week, it patched several zero-day exploits that security researchers had previously identified. Nevertheless, a number of firms still recommended uninstalling Java due to a number of remaining bugs. It's taken less than a week for new flaws to surface -- and these are issues that hadn't previously been identified. Adam Gowdiak, of Security Explorations, noticed that while Update 11 fixed some outstanding issues, it did nothing to repair a flaw in the Java MBeanInstantiator that still allows for the execution of malicious code. Oracle's decision...

Java is a mess; Oracle’s software has become a popular target of cybercriminals, and news about Java exploits is becoming more and more common, even as the solutions Oracle provides offer little comfort. Wait, it gets worse: According to Kaspersky Labs and security company Seculert, the terrifying and massive Red October botnet espionage campaign that swiped sensitive data from governments worldwide used Java exploits to penetrate some systems. Specifically, the exploit in question is CVE-2011-3544, which is present in Java 7 and 6 (update 27) and allows “remote untrusted Java Web Start...

Software vulnerabilities are common, but it’s not every day that the Computer Readiness Team (CERT) at the U.S. Department of Homeland Security steps in and starts warning the public. Not surprisingly, Oracle jumped on the security hole and released an update (Java Update 7u11) that resolves the problem. If you’re running Java (even the Java plug-in in your browser), update now. That said, not everyone is convinced that Java users are completely in the clear after updating to the latest version. Experts agree that the updated version of Java now blocks the zero day...